76 replies to this topic

[AplusWebMaster]

FYI...

Thunderbird v3.1.5 released
- http://www.mozillame...erbird/all.html

- http://www.mozillame...5/releasenotes/
v.3.1.5, released October 19, 2010
• Several fixes to improve performance, stability and security, see the Security Advisory.
• Several fixes to improve the user interface and add-ons experience.

- https://bugzilla.moz...e0-0-0=.5-fixed
59 bugs found.

[AplusWebMaster]

FYI...

Thunderbird v3.1.6 released
- http://secunia.com/advisories/41975/
Release Date: 2010-10-28
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution: Update to version 3.0.10 and 3.1.6.
Original Advisory: Mozilla:
http://www.mozilla.o...fsa2010-73.html

- http://www.securityt....com/id?1024651
Oct 28 2010

[AplusWebMaster]

FYI...

Thunderbird v3.1.7 released
- http://www.mozillame...om/thunderbird/
released December 9, 2010

- http://www.mozillame...7/releasenotes/

- http://www.mozilla.o...hunderbird3.1.7
Fixed in Thunderbird 3.1.7
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

- https://bugzilla.moz...e0-0-0=.7-fixed
85 bugs fixed...

- http://secunia.com/advisories/42519/
Release Date: 2010-12-10
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 3.1.7 or 3.0.11.
Original Advisory:
http://www.mozilla.o...fsa2010-74.html
http://www.mozilla.o...fsa2010-75.html
http://www.mozilla.o...fsa2010-78.html

- http://www.securityt....com/id?1024846
Dec 10 2010

Edited by AplusWebMaster, 10 December 2010 - 06:59 AM.

[AplusWebMaster]

FYI...

Thunderbird v.3.1.8 released
- http://www.mozillame...8/releasenotes/
March 1st, 2011

Fixed in Thunderbird 3.1.8
- http://www.mozilla.o...hunderbird3.1.8

Buglist:
- https://bugzilla.moz...e0-0-0=.8-fixed
57 bugs found.

- http://www.mozillame...erbird/all.html
___

- http://secunia.com/advisories/43586/
Release Date: 2011-03-02
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote
Solution: Update to version 3.1.8.
Original Advisory:
http://www.mozilla.o...fsa2011-01.html
http://www.mozilla.o...fsa2011-08.html
http://www.mozilla.o...fsa2011-09.html

- http://www.securityt....com/id/1025135
Mar 2 2011

Edited by AplusWebMaster, 02 March 2011 - 09:08 AM.

[AplusWebMaster]

FYI...

Thunderbird v3.1.10 released
- http://www.mozillame...0/releasenotes/
April 28, 2011

- https://bugzilla.moz...0-0-2=.16-fixed
71 bugs found/fixed.

- http://www.securityt....com/id/1025458
Impact: Execution of arbitrary code via network, User access via network
CVE Reference: CVE-2011-0069, CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0079, CVE-2011-0080, CVE-2011-0081
Version(s): -prior- to 3.1.10
Apr 29 2011

[AplusWebMaster]

FYI...

Thunderbird v3.1.11 released
- http://www.mozillame...erbird/all.html
June 21st, 2011

Release Notes
- http://www.mozillame...1/releasenotes/

- http://www.mozilla.o...fsa2011-19.html

Bug fixes
- https://bugzilla.moz...0-0-0=.11-fixed
22 bugs found

- http://www.securityt....com/id/1025686
Date: Jun 22 2011
CVE Reference: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can obtain cookies from another domain in certain cases...
Version(s): prior to 3.1.11 ...
Solution: The vendor has issued a fix (3.1.11).

[AplusWebMaster]

FYI...

Thunderbird v5.0 released
- https://www.mozilla....erbird/all.html
June 28, 2011

Release Notes
- https://www.mozilla....0/releasenotes/

- https://addons.mozil...browse=featured

[AplusWebMaster]

FYI...

Thunderbird v6.0 released
- https://www.mozilla....erbird/all.html
August 16, 2011

Release Notes
- https://www.mozilla....0/releasenotes/

- https://addons.mozil...browse=featured
___

MFSA 2011-31 - Security issues addressed in Thunderbird 6
- http://www.mozilla.o...fsa2011-31.html
CVE References: CVE-2011-0084, CVE-2011-2985, CVE-2011-2986, CVE-2011-2987, CVE-2011-2988, CVE-2011-2989, CVE-2011-2991, CVE-2011-2992
MFSA 2011-32 - Security issues addressed in Thunderbird 3.1.12
- http://www.mozilla.o...fsa2011-32.html
CVE References: CVE-2011-0084, CVE-2011-2378, CVE-2011-2980, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
___

Thunderbird v3.1.12 released
- https://www.mozilla..../all-older.html
August 16, 2011

Edited by AplusWebMaster, 17 August 2011 - 04:24 AM.

[AplusWebMaster]

FYI...

Thunderbird v7.0.1 released
- https://www.mozilla....1/releasenotes/
September 30, 2011

Security issues
- https://www.mozilla....ml#thunderbird7

Download
- https://www.mozilla....erbird/all.html

- http://www.securityt....com/id/1026122
CVE Reference: CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2997, CVE-2011-3000, CVE-2011-3001, CVE-2011-3005, CVE-2011-3232
Sep 29 2011
"... prior to 7.0..."
___

Thunderbird v3.1.15
- https://www.mozilla..../all-older.html

Release notes
- https://www.mozilla....5/releasenotes/
September 27, 2011

Edited by AplusWebMaster, 03 October 2011 - 07:14 AM.

[AplusWebMaster]

FYI...

Thunderbird v9.0 released
- https://www.mozilla....0/releasenotes/
December 20, 2011

Download
- https://www.mozilla....erbird/all.html

Fixed in Thunderbird 9
- https://www.mozilla....ml#thunderbird9
MFSA 2011-58 Crash scaling <video> to extreme sizes
MFSA 2011-57 Crash when plugin removes itself on Mac OS X
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)

- http://web.nvd.nist....d=CVE-2011-3658 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3660 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3661 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3663 - 4.3
- http://web.nvd.nist....d=CVE-2011-3664 - 6.8
- http://web.nvd.nist....d=CVE-2011-3665 - 7.5 (HIGH)
Last revised: 12/21/2011
"... Thunderbird 5.0 through 8.0..."

- http://www.securityt....com/id/1026447
Dec 21 2011
___

Thunderbird v3.1.7 released
- https://www.mozilla..../all-older.html

- http://web.nvd.nist....d=CVE-2011-3666
Last revised: 12/21/2011
CVSS v2 Base Score: 6.8 (MEDIUM)
"... Thunderbird before 3.1.7..."
___

- http://h-online.com/-1400073
22 December 2011

Edited by AplusWebMaster, 22 December 2011 - 05:36 PM.

[AplusWebMaster]

FYI...

- https://www.mozilla....fsa2012-10.html
Feb 10, 2012 - "... Fixed in: ... Thunderbird 10.0.1..."
Impact: Critical...
___

Thunderbird v10.0 released
- https://www.mozilla....0/releasenotes/
Jan 31, 2012 What's New...

Download
- https://www.mozilla....erbird/all.html

Fixed in Thunderbird 10
- https://www.mozilla....l#thunderbird10
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)
___

Thunderbird v3.1.18 released
- https://www.mozilla..../all-older.html

Edited by AplusWebMaster, 11 February 2012 - 01:12 PM.

[AplusWebMaster]

FYI...

Thunderbird v.11.0 released
- https://www.mozilla.....0/releasenotes
v.11.0, released: March 13, 2012

Security Advisories
- https://www.mozilla....l#thunderbird11
Fixed in Thunderbird 11
MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
MFSA 2012-18 window.fullScreen writeable by untrusted content
MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
MFSA 2012-16 Escalation of privilege with java script: URL as home page
MFSA 2012-15 XSS with multiple Content Security Policy headers
MFSA 2012-14 SVG issues found with Address Sanitizer
MFSA 2012-13 XSS with Drag and Drop and java script: URL
MFSA 2012-12 Use-after-free in shlwapi.dll

Bugs fixed
- https://www.mozilla....es/buglist.html

Download
- https://www.mozilla....erbird/all.html

[AplusWebMaster]

FYI...

Thunderbird v12.0 released
- https://www.mozilla.....0/releasenotes
April 24, 2012 ... See Known Issues

Security Advisories
- https://www.mozilla....l#thunderbird12
Fixed in Thunderbird 12
MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
MFSA 2012-31 Off-by-one error in OpenType Sanitizer
MFSA 2012-30 Crash with WebGL content using textImage2D
MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
MFSA 2012-27 Page load short-circuit can lead to XSS
MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
MFSA 2012-24 Potential XSS via multibyte content processing errors
MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
MFSA 2012-22 use-after-free in IDBKeyRange
MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)

Bugs fixed
- https://www.mozilla....es/buglist.html

Download
- https://www.mozilla....erbird/all.html
___

- https://secunia.com/advisories/48932/
Release Date: 2012-04-25
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Firefox version 12.0 and Thunderbird version 12.0...

- http://www.securityt....com/id/1026973
Date: Apr 24 2012
CVE Reference: CVE-2011-1187, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Version(s): prior to 12.0...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with a target site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can spoof certain web sites.
A remote user can obtain potentially sensitive information...

Edited by AplusWebMaster, 25 April 2012 - 03:57 AM.

[AplusWebMaster]

FYI...

Thunderbird v13.0 released
- https://www.mozilla.....0/releasenotes
June 5, 2012 ... See Known Issues

Security Advisories
- https://www.mozilla....l#thunderbird13
Fixed in Thunderbird 13
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards

Bugs fixed
- https://www.mozilla....es/buglist.html

Download
- https://www.mozilla....erbird/all.html
___

- http://www.securityt....com/id/1027122
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-0441 - 5.0
- http://web.nvd.nist....d=CVE-2012-1937 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1938 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1939 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1940 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1941 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1942 - 7.2 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1943 - 6.9
- http://web.nvd.nist....d=CVE-2012-1944 - 4.3
- http://web.nvd.nist....d=CVE-2012-1945 - 2.9
- http://web.nvd.nist....d=CVE-2012-1946 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1947 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-3105 - 9.3 (HIGH)
Jun 6 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 13.0

- https://secunia.com/advisories/49368/
Release Date: 2012-06-06
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Exposure of sensitive information, Privilege escalation, System access
Where: From remote
Solution: Upgrade to... Thunderbird version 13.0.

Edited by AplusWebMaster, 07 June 2012 - 11:46 AM.

[AplusWebMaster]

FYI...

Thunderbird v14.0 released
- https://www.mozilla.....0/releasenotes
July 17, 2012 ... See Known Issues

Security Advisories
- https://www.mozilla....l#thunderbird14
Fixed in Thunderbird 14
MFSA 2012-56 Code execution through java script: URLs
MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
MFSA 2012-51 X-Frame-Options header ignored when duplicated
MFSA 2012-50 Out of bounds read in QCMS
MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
MFSA 2012-47 Improper filtering of javascript in HTML feed-view
MFSA 2012-45 Spoofing issue with location
MFSA 2012-44 Gecko memory corruption
MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)

Bugs fixed
- https://www.mozilla....es/buglist.html

Download
- https://www.mozilla....erbird/all.html
___

- https://secunia.com/advisories/49993/
Release Date: 2012-07-18
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 14...

- http://www.securityt....com/id/1027257
CVE Reference: CVE-2012-1948, CVE-2012-1949, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1967
Jul 17 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 14 ...